tails
Commit 432320fa, authored Oct 01, 2011 by Tails developers
Remove the htp user firewall exception.
parent 58e1b1a3
Changes 1
config/chroot_local-includes/etc/firewall.conf
...
...
@@ -12,18 +12,11 @@
# Established outgoing connections are accepted.
[
0
:
0
] -
A
OUTPUT
-
m
state
--
state
RELATED
,
ESTABLISHED
-
j
ACCEPT
# Note: this must run before traffic is dispatched to the lan rule.
# The htp user is allowed to connect to services listening on the https port...
[
0
:
0
] -
A
OUTPUT
-
m
owner
--
uid
-
owner
htp
-
p
TCP
--
dport
https
-
j
ACCEPT
# ... and to services listening on the domain port.
[
0
:
0
] -
A
OUTPUT
-
m
owner
--
uid
-
owner
htp
-
p
TCP
--
dport
domain
-
j
ACCEPT
[
0
:
0
] -
A
OUTPUT
-
m
owner
--
uid
-
owner
htp
-
p
UDP
--
dport
domain
-
j
ACCEPT
# Internal network connections are accepted.
[
0
:
0
] -
A
OUTPUT
-
d
127
.
0
.
0
.
0
/
255
.
0
.
0
.
0
-
j
ACCEPT
# Local network connections should not go through Tor but DNS shall be
# rejected
- apart for the htp user
.
# rejected.
[
0
:
0
] -
N
lan
[
0
:
0
] -
A
lan
-
p
TCP
--
dport
domain
-
j
REJECT
[
0
:
0
] -
A
lan
-
p
UDP
--
dport
domain
-
j
REJECT
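Review bot: the commit message gives no reason for dropping the exception and does not say what path htp traffic is expected to take afterwards, which matters for the three OUTPUT ACCEPT rules removed at the top of this hunk (uid-owner htp to TCP https, TCP domain and UDP domain). With them gone, and with the comment changed from "rejected - apart for the htp user." to "rejected.", DNS from htp to local-network addresses now falls under the two REJECT rules in the lan chain like any other user's. Please add a sentence to the message stating whether htp is now meant to go through Tor or is no longer expected to reach the network directly, and confirm that nothing still relies on htp resolving names itself. The removed "Note: this must run before traffic is dispatched to the lan rule." comment was the only ordering hint in this block, so it is worth checking that no remaining rule depended on that ordering.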
...
...
@@ -65,12 +58,6 @@ COMMIT
# i2p is allowed to do anything it wants to.
[
0
:
0
] -
A
OUTPUT
-
m
owner
--
uid
-
owner
i2psvc
-
j
RETURN
# The htp user is allowed to connect to services listening on the https port...
[
0
:
0
] -
A
OUTPUT
-
m
owner
--
uid
-
owner
htp
-
p
TCP
--
dport
https
-
j
RETURN
# ... and to services listening on the domain port.
[
0
:
0
] -
A
OUTPUT
-
m
owner
--
uid
-
owner
htp
-
p
TCP
--
dport
domain
-
j
RETURN
[
0
:
0
] -
A
OUTPUT
-
m
owner
--
uid
-
owner
htp
-
p
UDP
--
dport
domain
-
j
RETURN
# .onion mapped addresses redirection to Tor.
[
0
:
0
] -
A
OUTPUT
-
d
127
.
192
.
0
.
0
/
255
.
192
.
0
.
0
-
p
tcp
-
m
tcp
-
j
REDIRECT
--
to
-
ports
9040
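Review bot: once the three htp RETURN rules are removed here, the visible lines do not show where htp's UDP domain traffic ends up, since the only redirect in this hunk is the TCP-only .onion rule ("-p tcp -m tcp -j REDIRECT --to-ports 9040"). Please confirm that a rule outside this hunk handles UDP port domain for that user, so that the removal leaves it redirected or rejected rather than unhandled in this table. The blanket "-m owner --uid-owner i2psvc -j RETURN" stays as the only per-user exception visible here; a short comment on why that one stays while htp's goes would help the next reader.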
...
...